CVE-2026-24935

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...

CVE-2026-24935 An improper certificate validation vulnerability was found in a third-party NAT traversal module.

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

EUVD-2025-206650

Vulnerability in Wikimedia Foundation Thanks. This vulnerability is associated with program files includes/ThanksQueryHelper.Php. This issue affects Thanks: from before 1.43.4, 1.44.1...

CVE-2025-61651 i18n XSS through Special:CheckUser CheckUser helper

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from...

GHSA-9JJM-MC56-3QXV Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

GHSA-6FVP-WMH6-JG95 Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

GHSA-G7HJ-29XQ-R64W Tendenci CMS Contains a Cross-site Scripting Vulnerability in its Jobs Module

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

Tendenci CMS Contains a Cross-site Scripting Vulnerability in its Jobs Module

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

PT-2026-5955

Name of the Vulnerable Software and Affected Versions TOTOLINK A950RG version 4.1.2cu.5204 B20210112 Description A stack-based buffer overflow exists in the setIpQosRules interface of /lib/cste modules/firewall.so. The issue is due to insufficient validation of the length of the comment parameter...

PT-2026-5969

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and prior Description OpenSTAManager is an open source management software for technical assistance and invoicing. A SQL Injection vulnerability exists in the Stampe Module, specifically in the...

CVE-2025-67188

A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204B20210112. The issue resides in the setRadvdCfg interface of the /lib/cstemodules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attacker...

PT-2026-5829

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

PT-2026-5954

Name of the Vulnerable Software and Affected Versions TOTOLINK A950RG version 4.1.2cu.5204 B20210112 Description The software contains a buffer overflow issue in the setUrlFilterRules interface of /lib/cste modules/firewall.so. The issue is due to insufficient validation of the length of the url...

CVE-2025-67186

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cstemodules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...

PT-2026-5857

Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description The software contains multiple SQL injection flaws. Authenticated attackers can manipulate database queries through unvalidated parameters. Attackers can exploit the month parameter in the agenda modu...

PT-2026-5770

: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux QUIC protocol implementation, packet processing module modules allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3...

PT-2026-5922

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX53 versions 1.0 through 1.3.1 Build 20241120 Description A heap-based buffer overflow exists in the tmpserver modules of the TP-Link Archer AX53. An authenticated, adjacent attacker can trigger a segmentation fault or...